目录
1.编译配置
2.u-boot.lds连接配置文件
3.Stage1之start.S
4.Stage2之入口start_armboot
1.编译配置
编译前先进行配置:make smdkv210single_config
其中,Makefile中make smdkv210single_config为:
这里使用了Makefile中的替换引用规则,类似常看到的例子 obj=$(srcfiles:%.c=%.o): 由.c得到对应的.o文件.
- smdkv210single_config : unconfig
- @$(MKCONFIG) $(@:_config=) arm s5pc11x smdkc110 samsung s5pc110
- @echo "TEXT_BASE = 0xc3e00000" > $(obj)board/samsung/smdkc110/config.mk
即得到smdkv210single。
这里$(@:_config=) arm s5pc11x smdkc110 samsung s5pc110都是mkconfig(即@$(MKCONFIG))的参数,mkconfig即根目录下的脚本文件。
执行这句命令后,在include/下生成config.mk和config.h。并且Makefile包含这个config.mk。
config.mk文件:
它指定里CPU架构,CPU型号,板子型号,CPU厂商,SOC??(母鸡啦)
- ARCH = arm
- CPU = s5pc11x
- BOARD = smdkc110
- VENDOR = samsung
- SOC = s5pc110
可以根据上面的这个信息找到对应的代码。比如说CPU代码在cpu/s5pc11x下,板子代码在board/samsung/smdkc110下。
2. u-boot.lds连接配置文件
对于.lds文件,它定义了整个程序编译之后的连接过程,决定了一个可执行程序的各个段的存储位置。u-boot.lds如何指定连接过程?首先它被根目录下config.mk引用,定义如下:LDSCRIPT := $(TOPDIR)/board/$(BOARDDIR)/u-boot.lds。根据这个路径,对于Android210而言,可以找到这个文件位于:board/samsung/smdkc110/u-boot.lds。其次,LDSCRIPT这个变量何时被用到?同样在config.mk中,可以找到:
LDFLAGS += -Bstatic -T $(LDSCRIPT) $(PLATFORM_LDFLAGS)
ifneq ($(TEXT_BASE),)
LDFLAGS += -Ttext $(TEXT_BASE)
endif
-T 参数指定生成可执行文件时ld连接器如何连接,TEXT_BASE是在make smdkv210single_config时写到board/samsung/smdkc110/config.mk中的,值为0xc3e00000。
- /*
- * (C) Copyright 2002
- * Gary Jennejohn, DENX Software Engineering, <[email protected]>
- *
- * See file CREDITS for list of people who contributed to this
- * project.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
- * MA 02111-1307 USA
- */
- OUTPUT_FORMAT("elf32-littlearm", "elf32-littlearm", "elf32-littlearm");指定输出可执行文件是elf格式,32位ARM指令,小端
- /*OUTPUT_FORMAT("elf32-arm", "elf32-arm", "elf32-arm")*/
- OUTPUT_ARCH(arm);指定输出可执行文件的平台为ARM
- ENTRY(_start);指定输出可执行文件的起始代码段为_start
- SECTIONS
- {
- . = 0x00000000; ;从0x0位置开始
- . = ALIGN(4); ;代码以4字节对齐
- .text : ;指定代码段
- {
- cpu/s5pc11x/start.o (.text)
- cpu/s5pc11x/s5pc110/cpu_init.o (.text)
- board/samsung/smdkc110/lowlevel_init.o (.text)
- cpu/s5pc11x/onenand_cp.o (.text)
- cpu/s5pc11x/nand_cp.o (.text)
- cpu/s5pc11x/movi.o (.text)
- board/samsung/smdkc110/flash.o (.text)
- common/secure.o (.text)
- common/ace_sha1.o (.text)
- cpu/s5pc11x/pmic.o (.text)
- *(.text)
- }
- . = ALIGN(4);
- .rodata : { *(.rodata) } ;指定只读数据段
- . = ALIGN(4);
- .data : { *(.data) } ;指定读/写数据段
- . = ALIGN(4);
- .got : { *(.got) } ;指定got段, got段式是uboot自定义的一个段, 非标准段
- __u_boot_cmd_start = .; ;把__u_boot_cmd_start赋值为当前位置, 即起始位置
- .u_boot_cmd : { *(.u_boot_cmd) } ;指定u_boot_cmd段, uboot把所有的uboot命令放在该段
- __u_boot_cmd_end = .; ;把__u_boot_cmd_end赋值为当前位置,即结束位置
- . = ALIGN(4);
- .mmudata : { *(.mmudata) } ;内存管理单元数据段
- . = ALIGN(4);
- __bss_start = .; ;把__bss_start赋值为当前位置,即bss段的开始位置
- .bss : { *(.bss) } ;指定bss段
- _end = .; ;把_end赋值为当前位置,即bss段的结束位置
- }
3.Stage1之start.S
uboot是典型的bootloader之一,大多数bootloader都分为stage1和stage2两部分,u-boot也不例外。依赖于CPU体系结构的代码(如设备初始化代码等)通常都放在stage1且可以用汇编语言来实现,而stage2则通常用C语言来实现,这样可以实现复杂的功能,而且有更好的可读性和移植性。u-boot的Stage1代码通常放在start.S文件中,他用汇编语言写成,其主要代码部分如下:
(1)定义入口。由于一个可执行的Image必须有一个入口点,并且只能有一个全局入口,通常这个入口放在ROM(Flash)的0x00000000地址,因此,必须通知编译器以使其知道这个入口,该工作可通过修改连接器脚本来完成。
(2)设置异常向量(Exception Vector)。
(3)设置CPU的速度、时钟频率及终端控制寄存器。
(4)初始化内存控制器。
(5)将ROM中的程序复制到RAM中。
(6)初始化堆栈。
(7)转到RAM中执行,该工作可使用指令ldr pc来完成。
根据config.mk中CPU的信息,找到对应的cpu目录为cpu/s5pc11x。首先看cpu/s5pc11x/start.S:
其中代码解释引自:http://www.cnblogs.com/Efronc/archive/2012/02/28/2371662.html
- /*
- * armboot - Startup Code for S5PC110/ARM-Cortex CPU-core
- *
- * Copyright (c) 2009 Samsung Electronics
- *
- *
- * See file CREDITS for list of people who contributed to this
- * project.
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of
- * the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
- * MA 02111-1307 USA
- *
- * Base codes by scsuh (sc.suh)
- */
- #include <config.h>
- #include <version.h>
- #if defined(CONFIG_ENABLE_MMU)
- #include <asm/proc/domain.h>
- #endif
- #include <regs.h>
- #ifndef CONFIG_ENABLE_MMU
- #ifndef CFG_PHY_UBOOT_BASE
- #define CFG_PHY_UBOOT_BASE CFG_UBOOT_BASE
- #endif
- #endif
- /*
- *************************************************************************
- *
- * Jump vector table as in table 3.1 in [1]
- *
- *************************************************************************
- */
- #if defined(CONFIG_EVT1) && !defined(CONFIG_FUSED) //阶段启动相关配置
- .word 0x2000
- .word 0x0
- .word 0x0
- .word 0x0
- #endif
- .globl _start
- _start: b reset //复位入口,此处使用b指令为相对调整,不依赖运行地址
- ldr pc, _undefined_instruction //以下进入异常处理函数
- ldr pc, _software_interrupt
- ldr pc, _prefetch_abort
- ldr pc, _data_abort
- ldr pc, _not_used
- ldr pc, _irq
- ldr pc, _fiq
- _undefined_instruction: //定义异常处理函数地址
- .word undefined_instruction
- _software_interrupt:
- .word software_interrupt
- _prefetch_abort:
- .word prefetch_abort
- _data_abort:
- .word data_abort
- _not_used:
- .word not_used
- _irq:
- .word irq
- _fiq:
- .word fiq
- _pad:
- .word 0x12345678 /* now 16*4=64 */ //保证16字节对齐
- .global _end_vect
- _end_vect:
- .balignl 16,0xdeadbeef //同样是保证16字节对齐,详见.align实验文章
- /*
- *************************************************************************
- *
- * Startup Code (reset vector) 启动代码(复位向量)此处仅进行重要的初始化操作,搬移代码和建立堆栈
- *
- * do important init only if we don't start from memory!
- * setup Memory and board specific bits prior to relocation.
- * relocate armboot to ram
- * setup stack
- *
- *************************************************************************
- */
- _TEXT_BASE:
- .word TEXT_BASE //TEST_BASE为根目录下Makefile传递进来的参数,具体为0xc3e00000
- /*
- * Below variable is very important because we use MMU in U-Boot.
- * Without it, we cannot run code correctly before MMU is ON.
- * by scsuh. //下面的代码非常重要,因为我们使用了MMU,没有这段代码,在MMC开启前我们将不能正确的运行代码
- */
- _TEXT_PHY_BASE:
- .word CFG_PHY_UBOOT_BASE //由dram的物理地址0x20000000加上0x3e00000而得,即0x23e00000.这个地址为MMU开启前的物理地址
- .globl _armboot_start
- _armboot_start:
- .word _start //复位地址,具体为0xc3e00010
- /*
- * These are defined in the board-specific linker script.
- */
- .globl _bss_start
- _bss_start:
- .word __bss_start //__bss_start在链接脚本文件中的bss段开始,_end在bss段结尾,用于清零bss端,这两个值在链接时才确定
- .globl _bss_end
- _bss_end:
- .word _end
- #if defined(CONFIG_USE_IRQ) //如果使用中断,定义中断栈地址
- /* IRQ stack memory (calculated at run-time) */
- .globl IRQ_STACK_START
- IRQ_STACK_START:
- .word 0x0badc0de
- /* IRQ stack memory (calculated at run-time) */
- .globl FIQ_STACK_START
- FIQ_STACK_START:
- .word 0x0badc0de
- #endif
- /*
- * the actual reset code
- */
- reset:
- /*
- * set the cpu to SVC32 mode and IRQ & FIQ disable
- */
- @;mrs r0,cpsr
- @;bic r0,r0,#0x1f
- @;orr r0,r0,#0xd3
- @;msr cpsr,r0
- msr cpsr_c, #0xd3 @ I & F disable, Mode: 0x13 - SVC //进入svc模式,中断禁止
- /*
- *************************************************************************
- *
- * CPU_init_critical registers
- *
- * setup important registers
- * setup memory timing
- *
- *************************************************************************
- */
- /*
- * we do sys-critical inits only at reboot, //仅在关键初始化时执行,而不是在从ram复位时执行
- * not when booting from ram!
- */
- cpu_init_crit:
- #ifndef CONFIG_EVT1
- #if 0
- bl v7_flush_dcache_all
- #else
- bl disable_l2cache //禁止l2cache
- mov r0, #0x0 @
- mov r1, #0x0 @ i
- mov r3, #0x0
- mov r4, #0x0
- lp1:
- mov r2, #0x0 @ j
- lp2:
- mov r3, r1, LSL #29 @ r3 = r1(i) <<29
- mov r4, r2, LSL #6 @ r4 = r2(j) <<6
- orr r4, r4, #0x2 @ r3 = (i<<29)|(j<<6)|(1<<1)
- orr r3, r3, r4
- mov r0, r3 @ r0 = r3
- bl CoInvalidateDCacheIndex //清除数据缓存 8 * 1024
- add r2, #0x1 @ r2(j)++
- cmp r2, #1024 @ r2 < 1024
- bne lp2 @ jump to lp2
- add r1, #0x1 @ r1(i)++
- cmp r1, #8 @ r1(i) < 8
- bne lp1 @ jump to lp1
- bl set_l2cache_auxctrl //锁定l2cache
- bl enable_l2cache //使能l2cache地址对齐
- #endif
- #endif
- bl disable_l2cache //禁止l2cache
- bl set_l2cache_auxctrl_cycle //锁定l2cache
- bl enable_l2cache //使能l2cache
- /*
- * Invalidate L1 I/D
- */
- mov r0, #0 @ set up for MCR
- mcr p15, 0, r0, c8, c7, 0 @ invalidate TLBs //禁止TLB
- mcr p15, 0, r0, c7, c5, 0 @ invalidate icache //禁止指令缓存
- /*
- * disable MMU stuff and caches
- */
- mrc p15, 0, r0, c1, c0, 0
- bic r0, r0, #0x00002000 @ clear bits 13 (--V-)
- bic r0, r0, #0x00000007 @ clear bits 2:0 (-CAM)
- orr r0, r0, #0x00000002 @ set bit 1 (--A-) Align
- orr r0, r0, #0x00000800 @ set bit 12 (Z---) BTB
- mcr p15, 0, r0, c1, c0, 0 //禁止MMC和cache
- /* Read booting information */
- ldr r0, =PRO_ID_BASE
- ldr r1, [r0,#OMR_OFFSET]
- bic r2, r1, #0xffffffc1 //读取启动信息
- #ifdef CONFIG_VOGUES
- /* PS_HOLD(GPH0_0) set to output high */
- ldr r0, =ELFIN_GPIO_BASE
- ldr r1, =0x00000001
- str r1, [r0, #GPH0CON_OFFSET]
- ldr r1, =0x5500
- str r1, [r0, #GPH0PUD_OFFSET]
- ldr r1, =0x01
- str r1, [r0, #GPH0DAT_OFFSET]
- #endif
- /* NAND BOOT */
- cmp r2, #0x0 @ 512B 4-cycle //识别各种启动方式,并将识别到的启动识别码写入R3中
- moveq r3, #BOOT_NAND
- cmp r2, #0x2 @ 2KB 5-cycle
- moveq r3, #BOOT_NAND
- cmp r2, #0x4 @ 4KB 5-cycle 8-bit ECC
- moveq r3, #BOOT_NAND
- cmp r2, #0x6 @ 4KB 5-cycle 16-bit ECC
- moveq r3, #BOOT_NAND
- cmp r2, #0x8 @ OneNAND Mux
- moveq r3, #BOOT_ONENAND
- /* SD/MMC BOOT */
- cmp r2, #0xc
- moveq r3, #BOOT_MMCSD
- /* NOR BOOT */
- cmp r2, #0x14
- moveq r3, #BOOT_NOR
- #if 0 /* Android C110 BSP uses OneNAND booting! */
- /* For second device booting */
- /* OneNAND BOOTONG failed */
- cmp r2, #0x8
- moveq r3, #BOOT_SEC_DEV
- #endif
- /* Uart BOOTONG failed */
- cmp r2, #(0x1<<4)
- moveq r3, #BOOT_SEC_DEV
- ldr r0, =INF_REG_BASE
- str r3, [r0, #INF_REG3_OFFSET] //将启动标识码写入INF_REG3中
- /*
- * Go setup Memory and board specific bits prior to relocation. //重定位前初始化存储器和板特殊位
- */
- ldr sp, =0xd0036000 /* end of sram dedicated to u-boot */ //分配给u-boot的sram的结尾 sram为0xd0020000-d003ffff 分配大小为90k
- sub sp, sp, #12 /* set stack */
- mov fp, #0
- bl lowlevel_init /* go setup pll,mux,memory */ //调用lowlevel_init函数初始化pll memory等与板子相关的内容 函数位于board目录下
- /* To hold max8698 output before releasing power on switch,
- * set PS_HOLD signal to high
- */
- ldr r0, =0xE010E81C /* PS_HOLD_CONTROL register */ //PS_HOLD输出高电平,PS_HOLD使能。PMIC相关
- ldr r1, =0x00005301 /* PS_HOLD output high */
- str r1, [r0]
- /* get ready to call C functions */
- ldr sp, _TEXT_PHY_BASE /* setup temp stack pointer */ //建立临时栈指针,内容为0x23e00000
- sub sp, sp, #12
- mov fp, #0 /* no previous frame, so fp=0 */
- /* when we already run in ram, we don't need to relocate U-Boot.
- * and actually, memory controller must be configured before U-Boot //如果程序已经在ram中运行,我们不需要重新定位u-boot。
- * is running in ram. //实际上存储器一定在u-boot在ram中运行前被初始化了
- */
- ldr r0, =0xff000fff
- bic r1, pc, r0 /* r0 <- current base addr of code */ //r1=当前PC
- ldr r2, _TEXT_BASE /* r1 <- original base addr in ram */
- bic r2, r2, r0 /* r0 <- current base addr of code */ //r2=定位后运行地址
- cmp r1, r2 /* compare r0, r1 */
- beq after_copy /* r0 == r1 then skip flash copy */ //如果r1=r2,跳过复制部分
- #if defined(CONFIG_EVT1)
- /* If BL1 was copied from SD/MMC CH2 */
- ldr r0, =0xD0037488
- ldr r1, [r0] //取0xd0037488地址的值
- ldr r2, =0xEB200000
- cmp r1, r2
- beq mmcsd_boot //如果等于0xEB200000,跳转到mmcsd_boot
- #endif
- ldr r0, =INF_REG_BASE //读取存储的INF_REG3中的启动类型
- ldr r1, [r0, #INF_REG3_OFFSET]
- cmp r1, #BOOT_NAND /* 0x0 => boot device is nand */
- beq nand_boot
- cmp r1, #BOOT_ONENAND /* 0x1 => boot device is onenand */
- beq onenand_boot
- cmp r1, #BOOT_MMCSD
- beq mmcsd_boot
- cmp r1, #BOOT_NOR
- beq nor_boot
- cmp r1, #BOOT_SEC_DEV
- beq mmcsd_boot
- nand_boot:
- mov r0, #0x1000 //以下函数实现代码的搬移
- bl copy_from_nand
- b after_copy
- onenand_boot:
- bl onenand_bl2_copy
- b after_copy
- mmcsd_boot:
- #if DELETE
- ldr sp, _TEXT_PHY_BASE
- sub sp, sp, #12
- mov fp, #0
- #endif
- bl movi_bl2_copy
- b after_copy
- nor_boot:
- bl read_hword
- b after_copy
- after_copy:
- #if defined(CONFIG_ENABLE_MMU)
- enable_mmu:
- /* enable domain access */
- ldr r5, =0x0000ffff //定义使能域的访问权限
- mcr p15, 0, r5, c3, c0, 0 @load domain access register
- /* Set the TTB register */
- ldr r0, _mmu_table_base
- ldr r1, =CFG_PHY_UBOOT_BASE
- ldr r2, =0xfff00000
- bic r0, r0, r2
- orr r1, r0, r1
- mcr p15, 0, r1, c2, c0, 0 //将MMU启用前的的mmu_table_base转成sdram中的地址,并写入cp15的c2中
- /* Enable the MMU */
- mmu_on:
- mrc p15, 0, r0, c1, c0, 0 //启用mmu
- orr r0, r0, #1
- mcr p15, 0, r0, c1, c0, 0
- nop
- nop
- nop
- nop
- #endif
- skip_hw_init:
- /* Set up the stack */
- stack_setup:
- #if defined(CONFIG_MEMORY_UPPER_CODE)
- ldr sp, =(CFG_UBOOT_BASE + CFG_UBOOT_SIZE - 0x1000)
- #else
- ldr r0, _TEXT_BASE /* upper 128 KiB: relocated uboot */
- sub r0, r0, #CFG_MALLOC_LEN /* malloc area */
- sub r0, r0, #CFG_GBL_DATA_SIZE /* bdinfo */
- #if defined(CONFIG_USE_IRQ)
- sub r0, r0, #(CONFIG_STACKSIZE_IRQ+CONFIG_STACKSIZE_FIQ)
- #endif
- sub sp, r0, #12 /* leave 3 words for abort-stack */ //为取址终止异常预留3个字空间
- #endif
- clear_bss:
- ldr r0, _bss_start /* find start of bss segment */
- ldr r1, _bss_end /* stop here */
- mov r2, #0x00000000 /* clear */
- clbss_l:
- str r2, [r0] /* clear loop... */ //清除bss端内存
- add r0, r0, #4
- cmp r0, r1
- ble clbss_l
- ldr pc, _start_armboot
- _start_armboot: //第一阶段结束,进入c程序阶段
- .word start_armboot
- #if defined(CONFIG_ENABLE_MMU)
- _mmu_table_base:
- .word mmu_table
- #endif
- /*
- * copy U-Boot to SDRAM and jump to ram (from NAND or OneNAND)
- * r0: size to be compared
- * Load 1'st 2blocks to RAM because U-boot's size is larger than 1block(128k) size
- */
- .globl copy_from_nand
- copy_from_nand:
- push {lr} /* save return address */
- mov r9, r0
- mov r9, #0x100 /* Compare about 8KB */
- bl copy_uboot_to_ram //从nandflash中读取512k到0x23e00000中
- tst r0, #0x0
- bne copy_failed
- #if defined(CONFIG_EVT1)
- ldr r0, =0xd0020000 //iram的起始地址
- #else
- ldr r0, =0xd0030000 //iram的中间地址
- #endif
- ldr r1, _TEXT_PHY_BASE /* 0x23e00000 */
- 1: ldr r3, [r0], #4 //取r0+4地址的值到r3中
- ldr r4, [r1], #4 //取r1+4地址的值到r4中
- teq r3, r4
- bne compare_failed /* not matched */ //如果r3和r4不相等,比较失败
- subs r9, r9, #4
- bne 1b
- pop {pc} /* all is OK */ //复制成功,返回
- copy_failed:
- nop /* copy from nand failed */
- b copy_failed
- compare_failed:
- nop /* compare failed */
- b compare_failed
- /*
- * we assume that cache operation is done before. (eg. cleanup_before_linux())
- * actually, we don't need to do anything about cache if not use d-cache in U-Boot
- * So, in this function we clean only MMU. by scsuh
- *
- * void theLastJump(void *kernel, int arch_num, uint boot_params);
- */
- #if defined(CONFIG_ENABLE_MMU)
- .globl theLastJump
- theLastJump:
- mov r9, r0 //保存内核地址
- ldr r3, =0xfff00000
- ldr r4, _TEXT_PHY_BASE
- adr r5, phy_last_jump
- bic r5, r5, r3
- orr r5, r5, r4
- mov pc, r5
- phy_last_jump:
- /*
- * disable MMU stuff //关闭MMU
- */
- mrc p15, 0, r0, c1, c0, 0
- bic r0, r0, #0x00002300 /* clear bits 13, 9:8 (--V- --RS) */
- bic r0, r0, #0x00000087 /* clear bits 7, 2:0 (B--- -CAM) */
- orr r0, r0, #0x00000002 /* set bit 2 (A) Align */
- orr r0, r0, #0x00001000 /* set bit 12 (I) I-Cache */
- mcr p15, 0, r0, c1, c0, 0
- mcr p15, 0, r0, c8, c7, 0 /* flush v4 TLB */
- mov r0, #0
- mov pc, r9 //跳转到内核地址
- #endif
- /*
- *************************************************************************
- *
- * Interrupt handling
- *
- *************************************************************************
- */
- @
- @ IRQ stack frame.
- @
- #define S_FRAME_SIZE 72
- #define S_OLD_R0 68
- #define S_PSR 64
- #define S_PC 60
- #define S_LR 56
- #define S_SP 52
- #define S_IP 48
- #define S_FP 44
- #define S_R10 40
- #define S_R9 36
- #define S_R8 32
- #define S_R7 28
- #define S_R6 24
- #define S_R5 20
- #define S_R4 16
- #define S_R3 12
- #define S_R2 8
- #define S_R1 4
- #define S_R0 0
- #define MODE_SVC 0x13
- #define I_BIT 0x80
- /* //定义异常时保存寄存器的宏
- * use bad_save_user_regs for abort/prefetch/undef/swi ...
- * use irq_save_user_regs / irq_restore_user_regs for IRQ/FIQ handling
- */
- .macro bad_save_user_regs
- sub sp, sp, #S_FRAME_SIZE @ carve out a frame on current user stack
- stmia sp, {r0 - r12} @ Save user registers (now in svc mode) r0-r12
- ldr r2, _armboot_start
- sub r2, r2, #(CFG_MALLOC_LEN)
- sub r2, r2, #(CFG_GBL_DATA_SIZE+8) @ set base 2 words into abort stack
- ldmia r2, {r2 - r3} @ get values for "aborted" pc and cpsr (into parm regs)
- add r0, sp, #S_FRAME_SIZE @ grab pointer to old stack
- add r5, sp, #S_SP
- mov r1, lr
- stmia r5, {r0 - r3} @ save sp_SVC, lr_SVC, pc, cpsr
- mov r0, sp @ save current stack into r0 (param register)
- .endm
- .macro irq_save_user_regs
- sub sp, sp, #S_FRAME_SIZE
- stmia sp, {r0 - r12} @ Calling r0-r12
- add r8, sp, #S_PC @ !!!! R8 NEEDS to be saved !!!! a reserved stack spot would be good.
- stmdb r8, {sp, lr}^ @ Calling SP, LR
- str lr, [r8, #0] @ Save calling PC
- mrs r6, spsr
- str r6, [r8, #4] @ Save CPSR
- str r0, [r8, #8] @ Save OLD_R0
- mov r0, sp
- .endm
- .macro irq_restore_user_regs
- ldmia sp, {r0 - lr}^ @ Calling r0 - lr
- mov r0, r0
- ldr lr, [sp, #S_PC] @ Get PC
- add sp, sp, #S_FRAME_SIZE
- subs pc, lr, #4 @ return & move spsr_svc into cpsr
- .endm
- .macro get_bad_stack
- ldr r13, _armboot_start @ setup our mode stack (enter in banked mode)
- sub r13, r13, #(CFG_MALLOC_LEN) @ move past malloc pool
- sub r13, r13, #(CFG_GBL_DATA_SIZE+8) @ move to reserved a couple spots for abort stack
- str lr, [r13] @ save caller lr in position 0 of saved stack
- mrs lr, spsr @ get the spsr
- str lr, [r13, #4] @ save spsr in position 1 of saved stack
- mov r13, #MODE_SVC @ prepare SVC-Mode
- @ msr spsr_c, r13
- msr spsr, r13 @ switch modes, make sure moves will execute
- mov lr, pc @ capture return pc
- movs pc, lr @ jump to next instruction & switch modes.
- .endm
- .macro get_bad_stack_swi
- sub r13, r13, #4 @ space on current stack for scratch reg.
- str r0, [r13] @ save R0's value.
- ldr r0, _armboot_start @ get data regions start
- sub r0, r0, #(CFG_MALLOC_LEN) @ move past malloc pool
- sub r0, r0, #(CFG_GBL_DATA_SIZE+8) @ move past gbl and a couple spots for abort stack
- str lr, [r0] @ save caller lr in position 0 of saved stack
- mrs r0, spsr @ get the spsr
- str lr, [r0, #4] @ save spsr in position 1 of saved stack
- ldr r0, [r13] @ restore r0
- add r13, r13, #4 @ pop stack entry
- .endm
- .macro get_irq_stack @ setup IRQ stack
- ldr sp, IRQ_STACK_START
- .endm
- .macro get_fiq_stack @ setup FIQ stack
- ldr sp, FIQ_STACK_START
- .endm
- /*
- * exception handlers //异常处理句柄
- */
- .align 5
- undefined_instruction:
- get_bad_stack
- bad_save_user_regs
- bl do_undefined_instruction
- .align 5
- software_interrupt:
- get_bad_stack_swi
- bad_save_user_regs
- bl do_software_interrupt
- .align 5
- prefetch_abort:
- get_bad_stack
- bad_save_user_regs
- bl do_prefetch_abort
- .align 5
- data_abort:
- get_bad_stack
- bad_save_user_regs
- bl do_data_abort
- .align 5
- not_used:
- get_bad_stack
- bad_save_user_regs
- bl do_not_used
- #if defined(CONFIG_USE_IRQ)
- .align 5
- irq:
- get_irq_stack
- irq_save_user_regs
- bl do_irq
- irq_restore_user_regs
- .align 5
- fiq:
- get_fiq_stack
- /* someone ought to write a more effiction fiq_save_user_regs */
- irq_save_user_regs
- bl do_fiq
- irq_restore_user_regs
- #else
- .align 5
- irq:
- get_bad_stack
- bad_save_user_regs
- bl do_irq
- .align 5
- fiq:
- get_bad_stack
- bad_save_user_regs
- bl do_fiq
- #endif
- .align 5
- .global arm_cache_flush
- arm_cache_flush:
- mcr p15, 0, r1, c7, c5, 0 @ invalidate I cache
- mov pc, lr @ back to caller
- /*
- * v7_flush_dcache_all()
- *
- * Flush the whole D-cache.
- *
- * Corrupted registers: r0-r5, r7, r9-r11
- *
- * - mm - mm_struct describing address space
- */
- .align 5
- .global v7_flush_dcache_all
- v7_flush_dcache_all:
- ldr r0, =0xffffffff
- mrc p15, 1, r0, c0, c0, 1 @ Read CLIDR
- ands r3, r0, #0x7000000
- mov r3, r3, LSR #23 @ Cache level value (naturally aligned)
- beq Finished
- mov r10, #0
- Loop1:
- add r2, r10, r10, LSR #1 @ Work out 3xcachelevel
- mov r1, r0, LSR r2 @ bottom 3 bits are the Ctype for this level
- and r1, r1, #7 @ get those 3 bits alone
- cmp r1, #2
- blt Skip @ no cache or only instruction cache at this level
- mcr p15, 2, r10, c0, c0, 0 @ write the Cache Size selection register
- mov r1, #0
- mcr p15, 0, r1, c7, c5, 4 @ PrefetchFlush to sync the change to the CacheSizeID reg
- mrc p15, 1, r1, c0, c0, 0 @ reads current Cache Size ID register
- and r2, r1, #0x7 @ extract the line length field
- add r2, r2, #4 @ add 4 for the line length offset (log2 16 bytes)
- ldr r4, =0x3FF
- ands r4, r4, r1, LSR #3 @ R4 is the max number on the way size (right aligned)
- clz r5, r4 @ R5 is the bit position of the way size increment
- ldr r7, =0x00007FFF
- ands r7, r7, r1, LSR #13 @ R7 is the max number of the index size (right aligned)
- Loop2:
- mov r9, r4 @ R9 working copy of the max way size (right aligned)
- Loop3:
- orr r11, r10, r9, LSL r5 @ factor in the way number and cache number into R11
- orr r11, r11, r7, LSL r2 @ factor in the index number
- mcr p15, 0, r11, c7, c6, 2 @ invalidate by set/way
- subs r9, r9, #1 @ decrement the way number
- bge Loop3
- subs r7, r7, #1 @ decrement the index
- bge Loop2
- Skip:
- add r10, r10, #2 @ increment the cache number
- cmp r3, r10
- bgt Loop1
- Finished:
- mov pc, lr
- .align 5
- .global disable_l2cache
- disable_l2cache:
- mrc p15, 0, r0, c1, c0, 1
- bic r0, r0, #(1<<1)
- mcr p15, 0, r0, c1, c0, 1
- mov pc, lr
- .align 5
- .global enable_l2cache
- enable_l2cache:
- mrc p15, 0, r0, c1, c0, 1
- orr r0, r0, #(1<<1)
- mcr p15, 0, r0, c1, c0, 1
- mov pc, lr
- .align 5
- .global set_l2cache_auxctrl
- set_l2cache_auxctrl:
- mov r0, #0x0
- mcr p15, 1, r0, c9, c0, 2
- mov pc, lr
- .align 5
- .global set_l2cache_auxctrl_cycle
- set_l2cache_auxctrl_cycle:
- mrc p15, 1, r0, c9, c0, 2
- bic r0, r0, #(0x1<<29)
- bic r0, r0, #(0x1<<21)
- bic r0, r0, #(0x7<<6)
- bic r0, r0, #(0x7<<0)
- mcr p15, 1, r0, c9, c0, 2
- mov pc,lr
- .align 5
- CoInvalidateDCacheIndex:
- ;/* r0 = index */
- mcr p15, 0, r0, c7, c6, 2
- mov pc,lr
- #if defined(CONFIG_INTEGRATOR) && defined(CONFIG_ARCH_CINTEGRATOR)
- /* Use the IntegratorCP function from board/integratorcp/platform.S */
- #elif defined(CONFIG_S5PC11X)
- /* For future usage of S3C64XX*/
- #else
- .align 5
- .globl reset_cpu
- reset_cpu:
- ldr r1, rstctl /* get addr for global reset reg */
- mov r3, #0x2 /* full reset pll+mpu */
- str r3, [r1] /* force reset */
- mov r0, r0
- _loop_forever:
- b _loop_forever
- rstctl:
- .word PM_RSTCTRL_WKUP
- #endif
State 1最后,调用里start_armboot函数,这个函数是State2的入口函数。
4.Stage2之入口start_armboot
start_armboot函数是纯C写的,位于lib_arm/board.c中。此函数经过一系列的动作之后,最终进入main_loop循环。main_loop位于common/main.c中,它主要用于执行common下定义的一些cmd。在正常启动的情况下,main_loop会在abortboot处等待n秒中(n一般是设置在uboot环境变量中,可以用getenv冲env中读取,一般设置成3s),然后从env中读取bootcmd的值,用run_command执行bootcmd命令。对于原始Android210来讲,bootcmd=nand read C0008000 600000 400000;bootm C0008000。
bootcmd中调用里两个命令,分别是nand和bootm。
nand命令,对应的源文件是common/cmd_nand.c。它的主要功能是...
bootm命令,对应的源文件是common/cmd_bootm.c。命令格式:
- U_BOOT_CMD(
- bootm, CFG_MAXARGS, 1, do_bootm,
- "bootm - boot application image from memory\n",
- "[addr [arg ...]]\n - boot application image stored in memory\n"
- "\tpassing arguments 'arg ...'; when booting a Linux kernel,\n"
- "\t'arg' can be the address of an initrd image\n"
- #if defined(CONFIG_OF_LIBFDT)
- "\tWhen booting a Linux kernel which requires a flat device-tree\n"
- "\ta third argument is required which is the address of the\n"
- "\tdevice-tree blob. To boot that kernel without an initrd image,\n"
- "\tuse a '-' for the second argument. If you do not pass a third\n"
- "\ta bd_info struct will be passed instead\n"
- #endif
- #if defined(CONFIG_FIT)
- "\t\nFor the new multi component uImage format (FIT) addresses\n"
- "\tmust be extened to include component or configuration unit name:\n"
- "\taddr:<subimg_uname> - direct component image specification\n"
- "\taddr#<conf_uname> - configuration specification\n"
- "\tUse iminfo command to get the list of existing component\n"
- "\timages and configurations.\n"
- #endif
- );
可以看到命令名为bootm,对应执行函数为do_bootm:
- /*******************************************************************/
- /* bootm - boot application image from image in memory */
- /*******************************************************************/
- int do_bootm (cmd_tbl_t *cmdtp, int flag, int argc, char *argv[])
- {
- image_header_t *hdr;
- ulong addr;
- ulong iflag;
- const char *type_name;
- uint unc_len = CFG_BOOTM_LEN;
- uint8_t comp, type, os;
- void *os_hdr;
- ulong os_data, os_len;
- ulong image_start, image_end;
- ulong load_start, load_end;
- ulong mem_start;
- phys_size_t mem_size;
- struct lmb lmb;
- memset ((void *)&images, 0, sizeof (images));
- images.verify = getenv_yesno ("verify");
- ...........
- lmb_reserve(&lmb, load_start, (load_end - load_start));
- #if defined(CONFIG_ZIMAGE_BOOT)
- after_header_check:
- os = hdr->ih_os;
- #endif
- switch (os) {
- default: /* handled by (original) Linux case */
- case IH_OS_LINUX:
- #ifdef CONFIG_SILENT_CONSOLE
- fixup_silent_linux();
- #endif
- do_bootm_linux (cmdtp, flag, argc, argv, &images);
- break;
- case IH_OS_NETBSD:
- do_bootm_netbsd (cmdtp, flag, argc, argv, &images);
- break;
- .............
- return 1;
- }
其中有do_bootm_linux函数,这个函数是启动kernel的函数。对于Android210来讲,这个文件位于lib_arm/bootm.c中。do_bootm_linux:
- void do_bootm_linux (cmd_tbl_t *cmdtp, int flag, int argc, char *argv[],
- bootm_headers_t *images)
- {
- ulong initrd_start, initrd_end;
- ulong ep = 0;
- bd_t *bd = gd->bd;
- char *s;
- int machid = bd->bi_arch_number;
- void (*theKernel)(int zero, int arch, uint params);
- int ret;
- #ifdef CONFIG_CMDLINE_TAG
- char *commandline = getenv ("bootargs");
- #endif
- /* find kernel entry point */
- if (images->legacy_hdr_valid) {
- ep = image_get_ep (&images->legacy_hdr_os_copy);
- #if defined(CONFIG_FIT)
- } else if (images->fit_uname_os) {
- ret = fit_image_get_entry (images->fit_hdr_os,
- images->fit_noffset_os, &ep);
- if (ret) {
- puts ("Can't get entry point property!\n");
- goto error;
- }
- #endif
- } else {
- puts ("Could not find kernel entry point!\n");
- goto error;
- }
- theKernel = (void (*)(int, int, uint))ep;
- s = getenv ("machid");
- if (s) {
- machid = simple_strtoul (s, NULL, 16);
- printf ("Using machid 0x%x from environment\n", machid);
- }
- ret = boot_get_ramdisk (argc, argv, images, IH_ARCH_ARM,
- &initrd_start, &initrd_end);
- if (ret)
- goto error;
- show_boot_progress (15);
- debug ("## Transferring control to Linux (at address %08lx) ...\n",
- (ulong) theKernel);
- #if defined (CONFIG_SETUP_MEMORY_TAGS) || \
- defined (CONFIG_CMDLINE_TAG) || \
- defined (CONFIG_INITRD_TAG) || \
- defined (CONFIG_SERIAL_TAG) || \
- defined (CONFIG_REVISION_TAG) || \
- defined (CONFIG_LCD) || \
- defined (CONFIG_VFD) || \
- defined (CONFIG_MTDPARTITION)
- setup_start_tag (bd);
- #ifdef CONFIG_SERIAL_TAG
- setup_serial_tag (¶ms);
- #endif
- #ifdef CONFIG_REVISION_TAG
- setup_revision_tag (¶ms);
- #endif
- #ifdef CONFIG_SETUP_MEMORY_TAGS
- setup_memory_tags (bd);
- #endif
- #ifdef CONFIG_CMDLINE_TAG
- setup_commandline_tag (bd, commandline);
- #endif
- #ifdef CONFIG_INITRD_TAG
- if (initrd_start && initrd_end)
- setup_initrd_tag (bd, initrd_start, initrd_end);
- #endif
- #if defined (CONFIG_VFD) || defined (CONFIG_LCD)
- setup_videolfb_tag ((gd_t *) gd);
- #endif
- #ifdef CONFIG_MTDPARTITION
- setup_mtdpartition_tag();
- #endif
- setup_end_tag (bd);
- #endif
- /* we assume that the kernel is in place */
- printf ("\nStarting kernel ...\n\n");
- #ifdef CONFIG_USB_DEVICE
- {
- extern void udc_disconnect (void);
- udc_disconnect ();
- }
- #endif
- cleanup_before_linux ();
- theKernel (0, machid, bd->bi_boot_params);
- /* does not return */
- return;
- error:
- do_reset (cmdtp, flag, argc, argv);
- return;
- }
do_bootm_linux中最后一个参数是bootm_headers_t *images。